A while back I enjoyed a [digital] sit down with a long term mentor and friend fellow Paladin Capital adviser, Sir David Omand. Sir David is someone from whom I have learned a great deal, not least in his recent book on How Spies Think. While chatting we both lit upon an area where clearer thinking is definitely needed: how can smaller companies – such an important part of our economic fabric – protect themselves?
Headlines tend to focus on breaches at high profile businesses and public bodies or, at the other end of the scale, on sad stories about individual victims of phishing and the like. Yet with SMEs representing 99 out of every 100 businesses in Europe, their readiness or not to tackle today’s cyber challenges is fundamental to securing economies and wellbeing.
A long-standing problem in Western cyber security is that advice on how to protect your company makes it sound like you need the resources and capabilities of a nation state. But small companies without IT departments and big budgets need access to technologies and advice at a manageable scale and cost. The good news is that many of today’s tech startups “get” security and are increasingly able to access the cloud-based services that are themselves the brainchildren of cyber entrepreneurs. Take Vectrix. Rather than a one-size-fits-all security approach that mainly fits big companies, this platform allows an SME to “pick and mix” cloud security modules according to which apps its running, be it Slack, Zoom or Google Workspace.
Gaining security skills has never been easier and cheaper. Not long ago it would have only been the very largest companies that could afford to improve their employees’ security skills at expensive in-person classes or access a cyber “range” to learn defence tactics. With startups like Hack The Box and RangeForce now offering online, flexible and cost-effective options, the way is clear for SMEs who want to get ready.
When at the National Cyber Security Centre, I once warned small businesses that there was a one in two chance they’d experience a breach. So the stakes couldn’t be higher. Small businesses are the engine of a nation’s economy but without proper security measures they risk the trust and loyalty of their customers. They are also the weak link in the global economy. Alarmingly, a 2021 survey by the UK’s Department for Digital, Culture, Media and Sport (DCMS) found that only 5% of businesses reviewed cyber risks from their wider supply chains.
You can see more of my discussion with Sir David here.